Home page logo

fulldisclosure logo Full Disclosure mailing list archives

sacred (pcgame) server flaw
From: "the.soylent" <the.soylent () gmail com>
Date: Sun, 21 Nov 2004 03:25:33 +0100

Program: Sacred (pc game)
type: simple DoS, no client-auth
affected version: <

-fixed in later versions (> (dated:31.08.2004)
-this security-lag exits for nearly half a year. although ascaron was informed at the date of release (02.03.2004), nothing happens long time.

Use telnet client to connect to game-port, u will see that a valid(!) user connects. 16 times, and server will not accept any more connections (from valid users for example).
after "fake-clients" get a timeout, only one of them gets kicked.

example: http://forum.sacred-game.com/attachment.php?attachmentid=1209 (nothing special)

greetz soylent

stop that "Why is IRC still around?" -crap !!!

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • sacred (pcgame) server flaw the.soylent (Nov 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]